Techdirt. Stories filed under "uplay"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "uplay"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Wed, 10 Apr 2013 05:45:56 PDTUbisoft uPlay Launcher Exploit Strips DRM From All Publisher's GamesTimothy Geignerhttps://www.techdirt.com/articles/20130409/13010922637/ubisoft-uplay-launcher-exploit-strips-drm-all-publishers-games.shtml
https://www.techdirt.com/articles/20130409/13010922637/ubisoft-uplay-launcher-exploit-strips-drm-all-publishers-games.shtmlUbisoft's history of DRM use has been...interesting. One could nearly write an entire book on how to fail at DRM using nothing but examples from the company. DRM that allows hackers to take control of gamers' machines. DRM punishing only paying customers when Ubisoft decides to move their servers. DRM that is, seriously, comprised of f$#%ing vuvuzelas. What you'll notice as a trend in these examples, however, is that at least Ubisoft was content to punish only their own customers or themselves, depending on the situation.

Not so, any longer. Their uPlay client for PCs was built so poorly that a simple tool developed by hackers can fool the client into thinking users already own copies of games, allowing for completely DRM-free versions of games from other publishers to be downloaded for free from their platform. As an apparent sign of solidarity by Ubisoft, they also managed to offer up their own unreleased game via the exploit as well.

The vulnerability is allegedly present in the uPlay launcher, which when exploited gives DRM free access to gaming titles from almost all game publishers including the likes of EA Games and Square Nix. Far Cry 3: Blood Dragon, which hasn’t been released yet, is lying on Ubisoft servers which hackers have downloaded. As a proof of the exploit, hackers even posted an 1 hour 30 mins long footage of the game.

Typically, when one does something over a long period of time, one gets better at it. Ubisoft appears to be an anomaly in this respect, going so far backwards on the practice of DRM that even their own client software can strip it out with but a little assistance from hackers. Nevermind how stupid and useless DRM is to begin with; now publishers can't even trust the software that is supposed to deliver it. With enemies of DRM hidden everywhere, even in inanimate software, perhaps it's time to give it up entirely.

Permalink | Comments | Email This Story
]]>oopsiehttps://www.techdirt.com/comment_rss.php?sid=20130409/13010922637Mon, 30 Jul 2012 04:38:01 PDTUbisoft DRM Fiasco: Allows Any Website To Take Control Of Your ComputerMike Masnickhttps://www.techdirt.com/articles/20120730/04291119876/ubisoft-drm-fiasco-allows-any-website-to-take-control-your-computer.shtml
https://www.techdirt.com/articles/20120730/04291119876/ubisoft-drm-fiasco-allows-any-website-to-take-control-your-computer.shtmlSony rootkit fiasco, when it was discovered that Sony Music was using some DRM on its CDs that self-installed a rootkit (without letting users know) that had all sorts of security problems and vulnerabilities. The company took a massive hit for this, and you would think that others would be a lot more careful with their own DRM. You would think. But, then you don't know Ubisoft. The vast majority of times we've ever discussed Ubisoft in these pages, it's been because the company was doing something ridiculous with DRM. The company loves its DRM and seems to refuse to recognize that pissing off legitimate customers isn't such a good idea.

So would it come as any surprise that it may now be facing a "rootkit moment" of its own?

Basically, it appears that Ubisoft's DRM is installing an accidental backdoor that makes it possible for any website to effectively take control over your computer. That's... uh... pretty bad.

From the details, the real problem sounds to be one of exceptionally poor coding, rather than maliciousness. Basically, they wanted to let you launch the game via a website, but failed to limit it to just the game -- meaning that a site can make use of the plugin to basically do a whole bunch of stuff on your computer (including things you don't want it to do). The browser plugin is easy to remove (and you should, um, immediately, if you've installed any Ubisoft games), so it's not quite as messy as Sony's rootkit, which was pretty deeply buried. But it's still really bad.

Yet another case of DRM really making life difficult for legitimate customers who paid money for your product. When will companies figure out that DRM does nothing to stop piracy, but makes life really difficult for the people who actually give you money?